Skip to content
Docker Image CI

Upgrade versions and cleanup #37

Sign in to view logs

Upgrade versions and cleanup

Upgrade versions and cleanup #37

Workflow file for this run

.github/workflows/docker-image.yml at f5a2d2b
name: Docker Image CI
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
steps:
- uses: actions/checkout@v3
- name: Set up maven
uses: s4u/[email protected]
with:
java-version: '11'
maven-version: '3.6.3'
- name: docker login
run: docker login -u=citelibre -p="${{ secrets.PASSWORD_DOCKER_CITELIBRE }}"
- name: Retrieve version in pom with Maven
run: echo "VERSION=$(cd citelibre-serviceEZ && mvn org.apache.maven.plugins:maven-help-plugin:2.1.1:evaluate -Dexpression=project.version | sed -n -e '/^\[.*\]/ !{ /^[0-9]/ { p; q } }')">> $GITHUB_ENV
- name: Display version
run: echo "version $VERSION"
- name: Webapp display
run: time curl -v https://dev.lutece.paris.fr/maven_repository/fr/paris/lutece/lutece-core/7.0.10/lutece-core-7.0.10-webapp.zip -o test.zip
- name: build war ihm
run: cd citelibre-serviceEZ && mkdir -p $HOME/.m2/repository/fr/paris/lutece/lutece-core/7.0.10/ && curl --http1.0 -L https://dev.lutece.paris.fr/maven_repository/fr/paris/lutece/lutece-core/7.0.10/lutece-core-7.0.10-webapp.zip -o $HOME/.m2/repository/fr/paris/lutece/lutece-core/7.0.10/lutece-core-7.0.10-webapp.zip && mvn -e lutece:site-assembly -Pdev
- name: retrieve war name
run: echo "WAR_NAME=$(cd citelibre-serviceEZ/target; ls *.war|sed -e 's/\.war//g')" >> $GITHUB_ENV
- name: build serviceEZ
run: docker build citelibre-serviceEZ --build-arg site=$WAR_NAME -t citelibre/service_ez:ihm-$VERSION
- name: build serviceEZ
run: docker save -o citelibre-serviceEZ.tar citelibre/service_ez:ihm-$VERSION
- name: Run Trivy vulnerability scanner in tarball mode of serviceEZ image
uses: aquasecurity/trivy-action@master
with:
input: /github/workspace/citelibre-serviceEZ.tar
severity: 'CRITICAL,HIGH'
format: 'sarif'
output: 'trivy-results.sarif'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
- name: build fakesmtp
run: docker build fake-smtp -t citelibre/service_ez:fake-smtp-$VERSION
- name: build mysql
run: docker build mysql -t citelibre/service_ez:db-$VERSION
- name: build matomo
run: docker build matomo -t citelibre/service_ez:matomo-$VERSION
- name: build solr
run: docker build solr -t citelibre/service_ez:solr-$VERSION
- name: build keycloak
run: docker build keycloak -t citelibre/service_ez:keycloak-$VERSION
- name: push images on docker hub
run: |
docker push citelibre/service_ez:solr-$VERSION
docker push citelibre/service_ez:db-$VERSION
docker push citelibre/service_ez:matomo-$VERSION
docker push citelibre/service_ez:fake-smtp-$VERSION
docker push citelibre/service_ez:keycloak-$VERSION
docker push citelibre/service_ez:ihm-$VERSION
- name: update docker compose
run: |
sed -i -e "s/:fake-smtp.*$/:fake-smtp-$VERSION/g" docker-compose.yml
sed -i -e "s/:solr.*$/:solr-$VERSION/g" docker-compose.yml
sed -i -e "s/:matomo.*$/:matomo-$VERSION/g" docker-compose.yml
sed -i -e "s/:db.*$/:db-$VERSION/g" docker-compose.yml
sed -i -e "s/:ihm.*$/:ihm-$VERSION/g" docker-compose.yml
sed -i -e "s/:keycloak.*$/:keycloak-$VERSION/g" docker-compose.yml
cat docker-compose.yml
- name: Commit and push docker compose
run: |
rm -rf citelibre-serviceEZ/target
git config --global user.name "githubaction"
git config --global user.email "githubaction"
git add docker-compose.yml
git commit -m "ci(githubaction): update docker compose with version $VERSION" --allow-empty
git push